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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 
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I )E3 Responsive to communication(s) filed on 16 August 2006 . 
2a)D This action is FINAL. 2b)KI This action is non-final. 
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5) D Claim(s) is/are allowed. 

6) [3 Claim(s) 1-21 is/are rejected. 
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8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 
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application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) p aP*r No(s)/Mail Date. . 

3) □ information Disclosure Statement(s) (PTO/SB/08) 5 > □ Notice of ,nformal Patent Application 

Paper No(s)/Mail Date . 6 ) I— I other: ■ 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 08-06) 



Office Action Summary 



Part of Paper No./Mail Date 20061030 



Application/Control Number: 10/785,579 Page 2 

Art Unit: 2191 

Response to Amendment 

1. This action is in response to the RCE filed on August 8, 2006. 

2. The objection to claims 1 and 1 1 due to acronym is withdrawn in view of 
applicant's amendment. 

3. The rejections under 35 U.S.C. §112 second paragraph to claims 1-20 is 
withdrawn in view of applicants amendment/comments. 

4. Claims amended by the applicants: 1, 5, 5-12, 14, 16, 19 and 20-21. 

5. Claims pending in the application: 1-21 . 

6. A request for continued examination under 37 CFR 1.114, including the fee 
set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since 
this application is eligible for continued examination under 37 CFR 1.114, and the 
fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous 
Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's 
submission filed on August 8, 2006 has been entered. 

Response to Arguments 

7. Applicant's arguments with respect to claims have been considered but are moot 
in view of the new ground(s) of rejection. 
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Claim Rejections ■ 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in section 
1 02 of this title, if the differences between the subject matter sought to be patented and the prior art are such that the 
subject matter as a whole would have been obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

9. Claims 1-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over the 
document Phishing in Alternate Data Streams published by Berghel et al. (hereinafter, 
Berghel) published in Feb 6, 2004 in view of US Patent No. 6,744,450 to Zimniewicz et 
al. (hereinafter, Zimniewicz). 

Per claim 1: 
Berghel discloses: 

- A method for secure installation and operation of software, said method 
comprising: 

- employing an NT File Structure logical volume (page 1 section Alternate Data 
Stream "NTFS the "primary" data stream..."); 

- employing an installer; writing a Primary Data Stream file to said NT File 
Structure logical volume from said installer (page 1 Alternate Data Stream "large 
number... alternate data stream (ADSs)... associated with... primary data stream 
(PDS)"); 
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- associating data with said Primary Data Stream file (page 1 Alternate Data 
Stream "large number... alternate data stream (ADSs)... associated with... 
primary data stream (PDS)"); and 

- writing said associated data to said NT File Structure logical volume as an 
Alternate Data Stream file from said installer (page 1 Alternate Data Stream 
"large number... alternate data stream (ADSs)... associated with... primary data 
stream (PDS)"). 

Berghel does not explicitly disclose installer. 

However, Zimniewicz discloses in an analogous computer system installer is 
used to install the applications (See FIG. 3, 4b, 4c and related discussion..."). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to incorporate the method of having an installer to 
install the application as taught by Zimniewicz into the method of installation of ADS 
PDS files as taught by Berghel. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to have installer to provide the user a logical 
and easy to understand way that allow them to clearly see the state of the components 
affected, and what actions will be performed as suggested by Zimniewicz (col. 3, lines 
5-22). 



Application/Control Number: 10/785,579 Page 5 

Art Unit: 2191 

The limitation regarding secure installation and operation of software in the preamble is 
not given any patentable weight because the body of the claim does not recite any 
limitations related to secure installation and operation of software. 

Per claim 2: 

The rejection of claim 1 is incorporated, and further, Berghel does not explicitly disclose 
selecting said data from the group comprising an installation log, an application 
configuration file, an error log, help information, and database information. 

However, Zimniewicz discloses in an analogous computer system selecting said 
data from the group comprising an installation log (col. 8, lines 45-47 "error log 
indicating why the install cannot proceed"), an application configuration file (col. 7, lines 
30-33 "install... pre-configured by the suite owner"), an error log (col. 8, lines 45-46 
"...written out to the error log..."), help information (col. 6, lines 41-42 "...a setup 
database file..."; the database file is could be a help file as well since computer stores 
the help file into a database, emphasis added), and database information (col. 6, lines 
41-42 "...a setup database file..."). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to incorporate the method of selecting data from the 
various sources as taught by Zimniewicz into the method of installation of ADS PDS 
files as taught by Berghel. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to have various types of files to provide the 
user a logical and easy to understand way that allow them to clearly see the state of the 
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components affected, and what actions will be performed as suggested by Zimniewicz 
(col. 3, lines 5-22). 

Per claim 3: 

The rejection of claim 1 is incorporated, and further, Berghel discloses: 

- writing, reading or manipulating said Alternate Data Stream file from an 
application program after said writing said associated data (page 3, "Next, we'll 
attach an ADS to an empty file: C:\...\test>echo "this is the first ADS associated 
with file1.txt"> file1.txt-.first_ads.txt... " and page 9, section URL Pearls "Windows 
utility that is ideal for ADS manipulation is <cp.exe>"). 

Per claim 4: 

The rejection of claim 1 is incorporated, and further, Berghel discloses: 

- employing as said Primary Data Stream file an executable file (page 4, section 
Phishing and Executable Streams "ADSs may contain anything... most 
interesting type of "anything" is the binary executable..."). 

Per claim 5: 

The rejection of claim 1 is incorporated, and further, Berghel discloses: 

- creating a Primary Data Stream directory chain (page 2, "will create a new 
directory, <test>"); 
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- writing said Primary Data Stream directory chain to said NT File Structure logical 
volume from said installer (page 2, "will create a new directory, <test>"); 

- writing said Primary Data Stream file to said Primary Data Stream directory chain 
in said NT File Structure logical volume from said installer (page 2, "since the 
PDSname field is null, <ads0.txt> is by default associated with the subdirectory 
name in the MFT. Directories in Windows are themselves files that reference 
other files"); 

- associating said data with said Primary Data Stream directory chain or said 
Primary Data Stream file by creating and closing said Alternate Data Stream file 
(page 2, "since the PDSname field is null, <ads0.txt> is by default associated 
with the subdirectory name in the MFT. Directories in Windows are themselves 
files that reference other files" and page 1 Alternate Data Stream "large 
number... alternate data stream (ADSs)... associated with... primary data stream 
(PDS)"); and 

- installing said associated data to said NT File Structure logical volume as said 
Alternate Data Stream file from said installer (page 1 Alternate Data Stream 
"large number... alternate data stream (ADSs)... associated with... primary data 
stream (PDS)"). 

Per claims 6 and 7: 

The rejection of claim 5 is incorporated, and further, Berghel disclose: 
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- employing an installation file comprising said Primary Data Stream file, said 
Alternate Data Stream file (page 1 Alternate Data Stream "large number... 
alternate data stream (ADSs)... associated with... primary data stream (PDS)"), 
installation instructions, said Primary Data Stream directory chain (page 1 
Alternate Data Stream "large number... alternate data stream (ADSs)... 
associated with... primary data stream (PDS)" and page 2, "since the PDSname 
field is null, <ads0.txt> is by default associated with the subdirectory name in the 
MFT. Directories in Windows are themselves files that reference other files"). 

Berghel does not explicitly disclose End User License Agreement. 

However, Zimniewicz discloses in an analogous computer system End User 
License Agreement (col. 8, lines 26-30 "the Ul Manager 91 displays start up screens to 
the user during this stage, including Welcome, Name/Organization, Password, product 
identification (PID), and end user license agreement (EULA) screens"). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to incorporate the method of comprising an End User 
License Agreement as taught by Zimniewicz into the method of installation of ADS PDS 
files as taught by Berghel. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to use an End User License Agreement 
before installation to permit the right user to install the custom installation as suggested 
by Zimniewicz (col. 3, lines 14-22). 
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Per claim 8: 

The rejection of claim 1 is incorporated, and further, Berghel discloses: 

- employing as said associated data first data (page 1 Alternate Data Stream 
"large number... alternate data stream (ADSs)... associated with... primary data 
stream (PDS)"); employing as said Alternate Data Stream file a first Alternate 
Data Stream file; employing second data (page 1 Alternate Data Stream "large 
number... alternate data stream (ADSs)... associated with... primary data stream 
(PDS)"); 

- associating said second data with said Primary Data Stream file (page 1 
Alternate Data Stream "large number... alternate data stream (ADSs)... 
associated with... primary data stream (PDS)"); and 

- writing said associated second data to said NT File Structure logical volume as a 
second Alternate Data Stream file from said installer (page 1 Alternate Data 
Stream "large number... alternate data stream (ADSs)... associated with... 
primary data stream (PDS)"). 

Per claim 9: 

The rejection of claim 1 is incorporated, and further, Berghel discloses: 

- displaying said associated data from said Alternate Data Stream file in said NT 
File Structure logical volume (Figure 1 and related discussion). 



Per claim 10: 



Application/Control Number: 10/785,579 Page 10 

Art Unit: 2191 

The rejection of claim 1 is incorporated, and further, Berghel discloses: 

- defining in said installation file a Primary Data Stream directory chain, said 
Primary Data Stream file, said Alternate Data Stream file, and at least one 
information file (page 4, section Phishing and Executable Streams "ADSs may 
contain anything... most interesting type of "anything" is the binary 
executable..."); 

- displaying said at least one information file from said installation file (page 3, 
Figure 1 and related discussion); 

- creating said Primary Data Stream directory chain in said NT File Structure 
logical volume (page 2, "will create a new directory, <test>"); 

- copying said Primary Data Stream file from said installation file to said Primary 
Data Stream directory chain in said NT File Structure logical volume (page 2, 
"since the PDSname field is null, <ads0.txt> is by default associated with the 
subdirectory name in the MFT. Directories in Windows are themselves files that 
reference other files"); and 

- copying said Alternate Data Stream file from said installation file to said Primary 
Data Stream directory chain in said NT File Structure logical volume (page 3, 
"Next, we'll attach an ADS to an empty file: C:\...\test>echo "this is the first ADS 
associated with file1.txt"> file1.txt:first_ads.txt..." and page 9, section URL Pearls 
"Windows utility that is ideal for ADS manipulation is <cp.exe>"). 



Berghel does not explicitly disclose installer. 
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However, Zimniewicz discloses in an analogous computer system installer is 
used to install the applications (col. 8, lines 45-47 "error log indicating why the install 
cannot proceed"), an application configuration file (See FIG. 3, 4b, 4c and related 

discussion..."). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time the invention was made to incorporate the method of having an installer to 
install the application as taught by Zimniewicz into the method of installation of ADS 
PDS files as taught by Berghel. The modification would be obvious because of one of 
ordinary skill in the art would be motivated to have installer to provide the user a logical 
and easy to understand way that allow them to clearly see the state of the components 
affected, and what actions will be performed as suggested by Zimniewicz (col. 3, lines 
5-22). 

Claims 11, 12, 14-16 and 19-20 are the system claim corresponding to method claims 
1 , 3-5, 9 and 10 respectively, and rejected under the same rational set forth in 
connection with the rejection of claims 1 , 3-5, 9 and 10 respectively, above. 

Claims 13, 17 and 18 are the system claim corresponding to method claims 2, 6 and 7 
respectively, and rejected under the same rational set forth in connection with the 
rejection of claims 2, 6 and 7 respectively, above. 
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Claim 21 is the computer product claim corresponding to method claim 1 and rejected 
under the same rational set forth in connection with the rejection of claim 1 , above. 

Conclusion 

10. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Satish S. Rampuria whose telephone number is (571) 
272-3732. The examiner can normally be reached on 8:30 am to 5:00 pm Monday to 
Friday except every other Friday and federal holidays. Any inquiry of a general nature or 
relating to the status of this application should be directed to the TC 2100 Group 
receptionist: 571-272-2100 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Wei Y. Zhen can be reached on (571) 272-3708. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 

Patent Application Information Retrieval (PAIR) system. Status information for 

published applications may be obtained from either Private PAIR or Public PAIR. 

Status information for unpublished applications is available through Private PAIR only. 

For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 

you have questions on access to the Private PAIR system, contact the Electronic 

Business Center (EBC) at 866-217-9197 (toll-free). 

Satish S. Rampuria 

Patent Examiner/Software Engineer 

Art Unit 2191 
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